1. CVE-Search
  2. CVE-2006-4673
ID CVE-2006-4673
Summary Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. Successful exploitation requires that "register_globals" and "magic_quotes_gpc" are disabled. This vulnerability is addressed in the following product release: PHP-Fusion, PHP_Fusion, 6.01.5
References
Vulnerable Configurations
  • cpe:2.3:a:php_fusion:php_fusion:6.0.105:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.105:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.106:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.106:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.107:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.107:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.109:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.109:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.110:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.110:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.204:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.204:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.206:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.206:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.303:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.303:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.304:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.304:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.306:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.306:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.0.307:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.0.307:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:*:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:*:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bid 19908
bugtraq 20060907 PHPFusion <= 6.01.4 extract()/_SERVER[REMOTE_ADDR] sql injection
confirm http://www.php-fusion.co.uk/news.php?readmore=353
misc http://retrogod.altervista.org/phpfusion_6-01-4_xpl.html
secunia 21830
vupen ADV-2006-3523
xf phpfusion-manicore-sql-injection(28818)
Last major update 20-07-2017 - 01:33
Published 11-09-2006 - 16:04
Last modified 20-07-2017 - 01:33
Back to Top